Senior Cloud Security Engineer, Celonis

• Proven Cloud Security Expertise: 5+ years of hands-on experience in security engineering with a strong focus on cloud (AWS, Azure, and GCP). Deep understanding of cloud architecture and services, and proven experience implementing security controls in a production cloud environment
• Kubernetes & Container Security: Strong experience securing containerized applications and Kubernetes clusters. Familiarity with tools and practices for container security (image vulnerability scanning, runtime security, Kubernetes network policies, service mesh security)
• Automation Skills: Proficiency in Infrastructure-as-Code and scripting. Demonstrated ability to use Terraform, CloudFormation or similar to deploy secure configurations, and to write scripts in Python, Go, or Bash to automate security workflows. You should be able to build tools or integrations that reduce manual effort and human error
• Cloud Security Posture Management: Hands-on experience with Cloud Security Posture Management (CSPM) solutions or implementing automated checks for cloud compliance. Ability to identify misconfigurations and weaknesses in cloud setups and remediate them (for example, S3 bucket policies, public exposure of resources, etc.)
• Identity & Access Management: In-depth understanding of cloud IAM and access control mechanisms. Experience designing role-based access schemes, managing federated identities (SAML/OIDC), and implementing principles of least privilege across multiple cloud accounts and services
• Vulnerability & Threat Management: Experience with vulnerability scanning tools (e.g., Tenable, Qualys) and interpreting their output. Knowledge of common cloud threats and vulnerabilities (OWASP Cloud Top 10, CIS benchmarks) and experience in remediating them
• Real-World Impact: A track record of securing real cloud deployments and solving security incidents or challenges in production. We value hands-on problem-solving skills and achievements—being able to point to projects and outcomes where you made a difference in security. (Formal degrees or certifications are less important than your proven ability to do the job.)

Desirable

• The Senior Cloud Security Engineer is a hands-on technical role focused on safeguarding Celonis’ cloud infrastructure across AWS, Azure, and GCP. In this role, you will design and implement cutting-edge security measures to protect a large-scale SaaS platform
• You’ll collaborate with cross-functional teams to ensure security is embedded in our cloud services and automate security processes for efficiency and consistency
• This role is ideal for a seasoned security engineer who enjoys solving complex cloud security challenges and wants to have a direct impact on the security posture of a fast-growing tech company
• Cloud Security Implementation: Implement and uphold cloud security best practices across multi-cloud environments. Harden our cloud infrastructure by leveraging native security features (e.g., AWS IAM & KMS, Azure AD & Key Vault, GCP IAM & KMS) and ensuring proper configuration of network controls, encryption, and logging
• Infrastructure & Kubernetes Security: Secure Celonis’ use of containerized applications and Kubernetes (EKS, AKS, GKE). This includes setting up container image scanning, enforcing Kubernetes security policies, managing secrets and certificates, and working with engineering teams to ensure microservices follow security guidelines
• Automation & Tooling: Develop and maintain automation scripts and Infrastructure-as-Code (Terraform, CloudFormation) to embed security into the deployment pipeline. Automate repetitive security tasks (such as provisioning secure configurations, patch management, and compliance checks) to improve efficiency and consistency
• Security Monitoring & Response: Enhance cloud security monitoring by tuning and extending CSPM tools and cloud-native monitoring (CloudTrail, GuardDuty, Azure Security Center, etc.). Identify potential vulnerabilities or misconfigurations proactively and work on fixes. Assist in investigating security alerts or incidents related to cloud infrastructure and coordinate remediation efforts
• Identity and Access Management: Continuously improve cloud IAM configurations to enforce least-privilege access. Manage roles, policies, and access keys across the organization’s cloud accounts. Implement solutions like Teleport to strengthen access controls for engineers and applications accessing sensitive cloud resources
• Vulnerability Management: Work with vulnerability scanning tools (such as Tenable Nessus/Tenable.io) to regularly scan cloud assets and container images
• Collaboration & Guidance: Serve as a security subject matter expert for cloud projects. Collaborate with developers, DevOps, and SRE teams to advise on secure architecture and coding practices. Contribute to threat modeling exercises and review new features/infrastructure for potential security risks before deployment

• Health and Wellbeing: Celonis is proud to offer competitive benefit options for you, your spouse or domestic partner, and your dependent children.
• Restricted Stock Options (RSUs): At Celonis, you’re not only a Celonaut but an owner. As a new hire, you will receive equity grants and have the opportunity to increase your equity holdings over time through annual refreshes and merit-based awards.
• Impact Days: Through Celonis’ annual Impact Days, every Celonaut has the opportunity to do something of significance that makes families, the communities we live in, our work, society, and the environment better.
• Parental Leave: Starting day one of employment, primary parents are eligible for 24 weeks of family leave for childbirth, surrogacy, and adoption, with 100% of pay and RSU vesting. Supporting parents are eligible for 12 weeks of family leave.

Total funding: $1.8bn

Celonis started out in an obscure niche which the company called process mining. Its first product was created to scan data logs for its clients and map out their processes in its entirety - inefficiencies and all. Celonis' product was in essence, to be considered a replacement for costly consultants and quants.